Level 53

I would say more. AVs are becoming obsolete with tools like VoodooShield or AppGuard, and the only problem is that the majority of people cannot understand how those tools work, so they rely completely on AVs and disable their common sense. Our mission is to educate people around us and show them alternatives to highly overrated security suites.
Default-deny and good browsing habits are the best security combo.

Level 54

A report hits the security forums and, as usual, it almost invariably and immediately gets over-inflated. People cursorily read the article without studying it carefully and without doing any kind of online research - see the word "bypass" somewhere in the article - and cry "infection vector!" and begin the mandatory FUD scuzzlebutt campaigns (there's a guy over at Wilders that has made it a full-time career) - and make the move to start demanding additional protection features from their vendor(s) of choice.

Most of the time the articles are not written in an easily understood manner that a lay-person can connect to their home system in practical, concrete terms... whether or not it even applies to them.

Moderator

The vulnerability has been known for many years, but now the code is public, as is the effect on AVs/the fact that they miss it.
The question is, if it has been known for so many years and users should not worry too much, why has nobody (MSFT, AV) fixed it?
The fact that most AVs don't detect it (still) and virtually every program can be injected/used maliciously is not reassuring.
I'm still reading about it but still need to find a good page that brings clarity to this issue and to how to avoid it.


Level 21

Avast, statement attributed to Ondrej Vlcek, CTO and GM of consumer business: “We were alerted by Cybellum last year through our bug bounty program to a potential self-defense bypass exploit. We implemented the fix at the time of reporting and therefore can confirm that both the Avast and AVG 2017 products, launched earlier this year, are not vulnerable. It is important to note that the exploit requires administrator privileges to conduct the attack and once that's the case, there are numerous other ways to cause damage or modify the underlying operating system itself. Therefore, we rate the severity of this issue as "low" and Cybellum's emphasis on the risk of this exploit to be overstated.”

Source: Microsoft tool exploit DoubleAgent can turn antivirus software into your worst enemy

Level 20

Microsoft issued the following statement through a company spokesperson: "The technique described in the report requires an already-compromised machine and only affects third-party applications that don't use Protected Processes." Protected Processes is a Microsoft security model and code integrity service first offered with Windows 8.1 that enables AV vendors to launch their anti-malware user-mode services as a protected service by allowing only trusted, signed code to load. It also includes built-in defense against code injection attacks and other admin-level attacks. Cybellum noted in its post that no AV software, other than Microsoft's very own product, uses this service.

